Improper neutralization of special elements in the built-in PAM provider password rotation templates in Devolutions Server allows an authenticated user with write access to a vault to execute arbitrary commands on the systems managed by the affected PAM provider.
This issue affects :
- Devolutions Server 2026.2.4.0
- Devolutions Server 2026.1.20.0 and earlier